--On May 21, 2007 14:22:13 +0800 Andy Low <[EMAIL PROTECTED]> wrote:
| Hi,
|
| I installed nfsen recently and encountered problems with the filter and path
| name.
|
| 1) I encounter the following error in my Webserver error logs:
|
| sh: /usr/local/php/bin/nfsen: No such file or directory
| sh: /usr/local/php/bin/nfsen: No such file or directory
| sh: /usr/local/php/bin/GenGraph.pl: No such file or directory
| sh: /usr/local/php/bin/GenGraph.pl: No such file or directory
| sh: /usr/local/php/bin/GenGraph.pl: No such file or directory
| sh: /usr/local/php/bin/GenGraph.pl: No such file or directory
| sh: /usr/local/php/bin/GenGraph.pl: No such file or directory
| sh: /usr/local/php/bin/GenGraph.pl: No such file or directory
| sh: /usr/local/php/bin/GenGraph.pl: No such file or directory
|
| I am not sure why the nfsen GUI looks for the path in "/usr/local/php". I
| clearly set the path in /usr/local/nfsen/etc/nfsen.conf as such:
|
| #
| # Required for default layout
| $BASEDIR = "/usr/local/nfsen";
|
| #
| # Where to install the NfSen binaries
| $BINDIR="${BASEDIR}/bin";
|
| .....
|
| Must I do something to my Apache webserver?
GenGraph.pl is expected to be in $LIBEXEC dir, which is obviously
set to a wrong directory. You do not need to change the default $LIBEXEC dir.
|
| 2) Anyway, I bypassed the above problem by creating the /usr/local/php directory
| and placing the binary files there. The second problem: if I wish to see only
| port 80 traffic, what should I put in the filter box under the "detail"
| tab?
I don't know why this happened. I assume your config must be broken; that's also
most likely why you have problems in 1)
- Peter
|
| I got the following error messages when I put in this command in the Filter
| box:
|
| /usr/local/php/bin/nfdump -R
| /usr/local/nfsen/profiles/live/18csw01/nfcapd.200705181210:
| nfcapd.200705181410
| Error Messages:
|
| ERROR: Filter syntax: usage /usr/local/php/bin/nfdump [options] ["filter"]
| -h this text you see right here -V Print version and exit. -a Aggregate
| netflow data. -A [/net] How to aggregate: ',' sep list of 'srcip dstip
| srcport dstport' or subnet aggregation: srcip4/24, srcip6/64. -r read input
| from file -w write output to file -f read netflow filter from file -n Define
| number of top N. -c Limit number of records to display -S Generate netflow
| statistics info. -s [/] Generate statistics for : srcip, dstip, ip, srcport,
| dstport, port, srcas, dstas, as, inif, outif, proto and ordered by :
| packets, bytes, flows, bps pps and bpp. -q Quiet: Do not print the header
| and bottom stat lines. -z Zero flows - dumpfile contains only statistics
| record. -l Set limit on packets for line and packed output format. -K
| Anonymize IP addressses using CryptoPAn with key . key: 32 character string or 64
| digit hex string starting with 0x. -L Set limit on bytes for line and packed
| output format. -M Read input from multiple directories. -I Print netflow
| summary statistics info from file, specified by -r. /dir/dir1:dir2:dir3 Read
| the same files from '/dir/dir1' '/dir/dir2' and '/dir/dir3'. reqquests
| either -r filename or -R firstfile:lastfile without pathnames -m Print
| netflow data date sorted. Only useful with -M -R Read input from sequence of
| files. /any/dir Read all files in that directory. /dir/file Read all files
| beginning with 'file'. /dir/file1:file2: Read all files from 'file1' to
| file2. -o Use to print out netflow records: raw Raw record dump. line
| Standard output line format. long Standard output line format with
| additional fields. extended Even more information. pipe '|' separated,
| machine parseable output format. mode may be extended by '6' for full IPv6
| listing. e.g.long6, extended6. -X Dump Filtertable and exit (debug option).
| -Z Check filter syntax and exit. -t time window for filtering packets
| yyyy/MM/dd.hh:mm:ss[-yyyy/MM/dd.hh:mm:s!
|
| Please advise, thanks in advance.
|
| Andy
--
_______ SWITCH - The Swiss Education and Research Network ______
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland
E-mail: [EMAIL PROTECTED] Web: http://www.switch.ch/
_______________________________________________
Nfsen-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss